The revision was triggered by
the necessity to adapt the legal framework to counter new threats of money
laundering and terrorist financing and to reflect recent changes due to revised
Financial Actiont Task Force (FATF) Recommendations.
The following blog post presents the new legal framework, including some crucial
measures which could represent a real step-up in the fight against money
laundering, financing terrorism and tax evasion.

1.Introduction
of an European register of beneficial ownership

The creation of an European register of beneficial ownership was one
of the sticking points of the negotiations, and was the reason why the text
attracted much more political attention than the previous directives and why the
negotiations took much longer than was expected.

1.1 Definition of beneficial ownership
and the problems caused by “phantom firms”

A beneficial owner
is a natural person – a real, live human being and
not another company or trust – who stands behind a company (or
trust) as the ultimate owner and controller, directly or indirectly
exercising substantial control over the company or receiving substantial
economic benefits (such as receipt of income) from the company. If the
true owner’s name is disguised, we deal with “anonymous companies”. In a
majority of countries, keeping unknown the true owner’s name is perfectly legal
and there is typically no requirement to disclose that the names listed are
merely front-people.

Such anonymous companies can be
created by using “nominees”, people who front the company in place of the true
owner, or by incorporating one or more of the companies in a country which does
not make details of the beneficial owners publicly available. Also called
“phantom firms”, they exist only on paper, with no real employees or office. While it’s certainly true that such
entities can have legitimate uses, the untraceable company can also be
a vehicle of choice for crimes such as money laundering, tax evasion and
financing of terrorism.

1.2 The role of anonymous companies in
money laundering

Although there are countless ways to
launder money, money laundering can be broken down into three stages:

§Placement: the
initial entry of illicit money into the financial system. This might be done by
breaking up large amounts of cash into less conspicuous smaller sums that are
then deposited directly into a bank account.

§Layering: the
second step consists in the process of separating the funds from their source.
This purpose is often followed by using anonymous shell companies: for
instance, wiring money to account owned by anonymous shell company.

§Integration: money
re-enters the legitimate economy, for instance, by investing the funds into
real estate and luxury assets.

That being said, it is clear
that these secretive “shell” companies and trusts play a central role in
laundering and channelling funds, concealing behind a veil of secrecy the
identity of corrupt individuals and irresponsible businesses involved in
activities, including tax evasion, terrorist financing, and the trafficking of
drugs and people. More precisely, it is impossible for law enforcement
officials go back to the real individuals ultimately responsible for the
company’s actions and to track the origin of illicit funds.

§1.3
The importance of central registers

Broadly speaking, with a view
to facing the risk of money laundering (along with financing terrorism and tax
evasion), the solution may be to know who ultimately stands behind a
company: the real owner or controller.

For this reason – and
also following the FATF’s recommendations, as discussed here – the Commission’s proposal for the 4th AML directive introduced
a new chapter, titled Beneficial Ownership
Information. The aim was to strengthen the information relating to
the beneficial owner, making such information available to competent
authorities and obliged entities in an adequate, accurate and timely manner. After all, only few EU jurisdictions
require structures to share such information with their national authorities
and the need to fill these gaps (a key loophole for money launderers) was strongly felt.

1.4.
Access to central register information…

Taking the first steps from the
Commission’s draft proposal, the European Parliament and the
Council went even further. Even though this was not envisaged in the
initial proposal, the negotiators agreed on the necessity of establishing
central registers of beneficial ownership information in every European State. This
was not without difficulties inside the Council: the main sticking point was administrative
issues more than political ones. Indeed, the fact that no Member State already has
a central register entails that they all have to create one, which is very
costly at the administrative level.

However, even though they
agreed on storing information on beneficial ownership, the European Parliament
and the Council had a divergent point of view on
another issue: whether details of beneficial owners have to
be publicly accessible or not.

In particular, in March 2014, the European Parliament approved a
version of the Directive that would have required every EU Member State to establish
ownership registers and make the information freely available to the public.
“The public registers will make life more difficult for criminals trying to hide
their money. Our economy currently loses huge amounts to tax evasion”, said
Civil Liberties Committee rapporteur Judith Sargentini (Greens/EFA, NL).

Instead, the Council released
its own draft in June 2014, that would also have mandated central
registers, but without requiring public access. The Council’s approach was to
restrict the access to competent authorities, Financial Intelligence Units
(hereinafter FIUs) and, if allowed by Member States, the obliged entity, e.g.,
banks and legal professions.

1.5. …a compromise was reached

The final text struck a compromise between these initial positions: on
the one hand those who demand full transparency (such as the European
Parliament, which voted 643-30 in favour of public registries and some Member
States as UK, France, Netherlands and Denmark); on the other hand those who
defend some secrecy for beneficial owners (some Member States led by Germany).

The compromise reached requires
EU countries to provide access not only to law enforcement and financial
institutions like the FIUs, but also to members of the public
who can demonstrate a “legitimate interest” in the information. They
will be able to access beneficial ownership information – such as the
beneficial owner’s name, month and year of birth, nationality, residency and
details on ownership – and the access may be subject to online
registration of the person and to the payment of a fee to cover administrative
costs. Any exemption to the access would be possible only on a case-by-case
basis in exceptional circumstances.

In conclusion, the collection
of ownership information is certainly a big step in the right direction, but
not as big as it should have been. In fact, even if the Directive does not
prevent countries from going beyond the Directive’s requirements and opening
their registries to full public access – as UK and Denmark have already said
they will do – “European leaders have missed an opportunity to show that the
future of business in Europe is open and transparent”, said Robert
Palmer, an anti-money laundering campaign leader at Global Witness, Furthermore, a Commission report on the
interconnection of national registers is expected by June 2019.

1.6. A “legitimate interest” is
required to access…

As result of the final compromise,
the members of the public have the right to access registers only if they have
a legitimate interest, narrowing in this way the number of people having the
right to access registers. So, to those who have pointed out that this
does not go far enough in terms of the EU’s ambitions on transparency, the
co-rapporteur Judith Sargentini assured that they made sure that the proposal
says that it’s up to the authority to prove that applicants do not have a legitimate interest.

Nevertheless, there is an
important issue left open: there is no indication of what
interests will be considered legitimate. Indeed, the concept of
“legitimate interest” itself is quite vague and the lack of a clear definition
entails that it lies with Member States to decide what a legitimate interest
should be.

1.7. A different regulation for trusts…

A different regulation is provided
for trusts, regarding in particular three aspects:

§the
regulation expects that information will be collected in closed centralised registries available only to government bodies.
This information includes the identity of the settlor, the trustee(s), the
protector (if any), the beneficiaries or class of beneficiaries, and of any
other natural person exercising effective control over the trust. Clearly the
fact that such information will not be available to the public can create a loophole in
the system which could significantly weaken the new directive, frustrating then
the aim of improving transparency. This loophole was due to the UK, where
trusts are quite common, and it was justified by the co-rapporteur Timothy
Kirkhope saying: “I heard some concerns and if I may just say on the issue of
trusts and wills: trusts and wills contain some of the most private and
personal information that there is about a person, and we are a parliament that
respects data privacy, hence disclosure for trusts has to be proportionate
within our proposals.”.

§the registration of beneficial owners of trusts
only when a trust “generates tax consequences”: such
wording is arguably too broad and highly susceptible to evasion risk

§the
central registration of beneficial ownership information
will be used where the trust generates
consequences as regards taxation (Article 30). Regarding legal persons,
instead, Article 29 of the Directive foresees that the location of the
beneficial owner register shall be the country by whose laws the legal person
is governed. This is a key issue because if it is not made clear that trust
registers need to be located in the countries by whose laws the trust is
governed, there is a high risk for that any other location would not serve the
purpose of enforcing transparency, especially considering the fact that trusts
are not recognized in the majority of Member States! (See also the declaration by Austria expressing concern about trusts).

1.8.
EU as a model to follow?

In closing on beneficial
ownership information, we may say that even if the EU institutions could have
gone even further in terms of transparency, the agreement reached sharply
contrasts with the lack of progress in the United States. The U.S. is, indeed,
notorious internationally for allowing anonymous companies to be formed.

“So let us make this an example for
other countries in the world. Would it not be fantastic if the USA were to
follow us, would it not be marvellous in our fight against tax avoidance and
tax evasion? I want everyone to help us reach that.”, said the co-rapporteur
Judith Sargentini at the end of her intervention at the MEPs debate in plenary
session.

2.The
Risk-Based Approach

The risk-based approach is
another hot topic and a new element of the 4th AML
directive. The idea is that the risk of money laundering is not exactly the
same in every situation. It’s then important to be able to understand what the
risks of money laundering and financing terrorism are in order to adapt
customer due diligence (CDD) measures to different situations: focusing
resources on those areas where is demonstrated that risks are higher and giving
the possibility to apply simplified due diligence when risks are lower.

In other words, introducing a
risk-based approach means that countries, competent authorities and reporting
entities are expected to identify, assess and understand the money laundering
as well as terrorist financing risks they are exposed to, so that they can
develop the appropriate measures to
mitigate and better target these risks. This activity will be supported at four
different levels:

1.European
Union: supranational risk assessment, carried out by the Commission, aimed to
pinpoint risks related to the internal market.

2.Member
States: national risk assessment to understand exactly where the risk appears
or may exist within their specific jurisdictions.

Certainly, this is a main change compared
to the third AML Directive where we had three scenarios: simplified, normal and
enhanced CDD rules. In the fourth Directive, instead, CDD-rules are more risk sensitive: it all depends on
what kind of risks exist, discerning between enhanced measures where risks are
greater and simplified measures where risks are demonstrated to be less. Nevertheless, there are some
particular cases where obliged entities shall be required to apply Enhanced
Customer Due Diligence. More precisely, this applies: when dealing with clients
in third country identified as “high risk”; in cases of cross-border
correspondent relationships with third countries; in transactions involving
Politically Exposed Persons (and family members); and in complex and unusually
large transactions which have no economic or lawful purpose. In any other
case, the risk-based approach is applied, removing the automatic entitlement to
apply Simplified Customer Due Diligence when dealing with specified customers
and products.

3.Politically
Exposed Persons (PEPs)

3.1. What is a Politically Exposed
Person and what are the risks associated?

The Third AML Directive defines
“politically exposed persons” as natural persons who are or have
been entrusted with prominent public functions such as Heads of
State or of government, senior politicians, senior government, judicial or
military officials, senior executives of state owned corporations, important
political party officials. Immediate family members or persons known to be
close associates of such persons are included in the definition.

Due to the position they hold, it is
recognised that many PEPs are in positions that potentially can be abused for
the purpose of committing money laundering offences and related predicate
offences, including corruption and bribery, as well as conducting activity
related to terrorist financing. So, in case of business relationships with
PEPs, it was felt necessary to put in place preventive measures, especially
anti-money laundering and counter-terrorist financing measures.

3.2. The third AMLD and the FATF standards

To address such potential risks
associated with PEPs, in 2003 the Financial Actions Task Force released obligatory requirements for foreign PEPs (whether
as customer or beneficial owner). In particular, in addition to normal customer
due diligence measures, financial institutions should
be required to:

§have
appropriate risk-management systems to determine whether the customer or the
beneficial owner is a politically exposed person;

§take
reasonable measures to establish the source of wealth and source of funds;

§conduct
enhanced ongoing monitoring of the business relationship.

Following the international
standards, the third AML Directive envisaged that obliged entities are required
to apply enhanced customer due diligence measures with respect to PEPs,
only regarding to PEPs who reside in another Member State or in a third country (i.e. foreign PEP).

3.3. Fourth AMLD enlarges PEPs regime…

Taking account of the FATF
recommendation adopted in 2012 and following the aim of enhancing due
diligence, the fourth AMLD extends the requirements provided for foreign politically exposed persons to domestic PEPs and PEPs of
international organizations. The difference between different
type of PEP depends on who has
entrusted the individual with the prominent public function, i.e. the country in
question or another country or an international organisation.

In particular, in cases of a higher risk business relationship with
a customer or beneficial owner who is a domestic PEP or a person who is or has
been entrusted with a prominent function by an international
organisation, financial institutions should be required to
apply the same measures as those that are applied to foreign PEPs. It
should be also noted that a domestic PEP is subject to the foreign PEPs
requirements if that individual is also a foreign PEP through another prominent
public function in another country. In brief, the fourth AML Directive does not make such a distinction, and automatic enhanced due diligence measures will be required in the case of
any PEP, regardless of where they originate from.

4.Coverage
of the gambling sector

Casinos and gambling services are
often a target for money launderers, attracted by their nature of “cash intensive
business”, where the majority of transactions are cash based. Therefore,
another essential topic discussed concerns whether the scope of the
Directive will cover all gambling operators (even those viewed as low risk) or
only casinos and online gambling operators.

With a view to facing new
emerging threats, it was felt the need to extend the scope of the third AMLD,
in which only casinos were required to apply Customer Due Diligence (CDD). The
new directive indeed brings into the scope all providers of gambling
services when dealing with transactions of at least €2,000.

Nevertheless, in the final
compromise a proportionate risk-based approach was
introduced. If, after conducting a risk assessment, EU Member States find that
there is a “proven low risk” of money laundering and terrorist financing,
because of “the nature and, where appropriate, the scale of operations of such
services”, they are able to exempt certain gambling operators – although not
casinos – from some or all requirements, in strictly limited and justified
conditions.

5.A
new Regulation on the traceability of fund transfers

In parallel with the revision of the
money laundering Directive, a Regulation on the transfer of funds was also
approved. The two legislative measures pursue the common objective of revising
the existing anti-money laundering and counter terrorist financing EU framework
in order to improve its effectiveness while ensuring its compliance with
international standards. In particular, the new Regulation is based on Recommendation
16 on wire transfers adopted by the Financial Action Task Force.

Besides, the choice of a Regulation
aims to ensure that this international standard is transposed uniformly
throughout the Union and, in particular, that there is no discrimination between
situations involving national payments within a Member State and cross-border
payments between Member States.

5.2 What is it about?

The Regulation is about tracking transfers of funds, in any currency, sent or
received by a Payment Service Provider (PSP) established in the Union. The
tracking is implemented by placing certain requirements on the information
that accompanies transfers and applies to all the PSPs involved
in the payment chain. The basic logic behind is: the higher the amount and the
higher the risk of irregularity, the more checks and controls we should have in
place. Indeed, collecting basic information
on the transfers may help appropriate law enforcement and/or prosecutorial
authorities in detecting, investigating, prosecuting terrorists or other
criminals and tracing the assets of terrorists. For this reason, it is
essential ensuring that transfers of funds contain complete, accurate and
meaningful information on the payer.

5.3. What changed from the previous legislation?

The Regulation which was repealed
(i.e. Regulation EC 1781/2006) already required Payment Service Providers to
accompany transfers of funds with information on the payer. New rules also
require information on the payee (the
person who receives the payment) to be included.More precisely,
the payer’s PSP must: a) ensure transfers of funds are accompanied by
information about the payer (as name, payment account number etc.); b) verify
the information on the payer, using “documents, data or information obtained
from a reliable and independent source”; c) ensure that transfers of funds are
also accompanied by the name of the payee and the payee’s account number.

For its part, the payee’s PSP
must be able to detect a lack of presence of information on the payer when
receiving transfers and take appropriate steps in order to correct this
situation: in this way, transfers of funds received by
the payee do not remain anonymous. In addition, the Regulation requires
verification of information on the payee (such as his name and his payment
account number) when transfers of funds exceed €1000, before the PSP credits
the payee’s account or makes the funds available to the payee. Verification of
this information is not required in other cases, unless the payee’s PSP has
reasonable grounds for suspecting money laundering or terrorist financing.

5.4. Not only recording information but
also…

While verifying and recording
information, the PSP must exert aspecial vigilance regarding such transfers and, on a risk sensitive basis and taking into account
other pertinent factors, report suspicious transactions to
the authorities responsible for combating money laundering and terrorist
financing. PSPs should also respond fully and rapidly to enquiries by such
authorities.

6.Cooperation
between Financial Intelligence Units (FIUs)

6.1.What are FIUs?

In the early phases of the
development of the AML regime it became obvious that skilled personnel were
needed to understand trends in money laundering and to make sense of the huge
amounts of information being produced by financial institutions under
reporting obligations. In response to this need, and to the need for a centre
of analysis and dissemination of financial intelligence, FATF Recommendation 26
called for the establishment of entities commonly referred to as “financial
intelligence units” or “FIUs”.

Adjusting the EU legal
framework to the international standards, the Third AMLD required each Member
State to establish specialized governmental
agencies to deal with the problem of money laundering and other
financial crimes. A FIU, quite simply, is a central, national body responsible
for receiving (and as permitted, requesting) financial information, concerning
suspected proceeds of crime and potential financing of terrorism, or other
information required by national legislation or regulation. A FIU is then
responsible for processing that information in some way
and disclosing it to an appropriate government authority in support of a
national anti-money laundering effort.

6.2.Strengthening of their role with the fourth AMLD

The Fourth AMLD aims to strengthen the role of FIUs and their cooperation in respect of
exchanging information. In particular, the Regulation requires the FIU to be operationally independent and autonomous. In other
words, the FIU must have the authority and capacity to carry out its functions
freely, including the autonomous decision to analyse, request and disseminate
specific information. Also the FIU must be provided with adequate financial, human and technical resources in
order to fulfil its tasks.

Moreover, Member States must ensure
that the FIU is empowered to take urgent action,
either directly or indirectly, when there is a suspicion that a transaction is
related to money laundering or terrorist financing, to suspend or withhold
consent to a transaction going ahead in order to analyse the transaction,
confirm the suspicion and disseminate the results of the analysis to competent
authorities.

Nevertheless, it is not made clear,
as it wasn’t either in the third AMLD, the manner in which the FIUs can achieve
their goals. The text does not clarify their nature which brings to the fact
that the organisational nature of FIUs differs across Member States: they can
be administrative, judicial, or police structures. The problem then is that
having different powers can cause difficulties in exchanging information,
including the possibility to access information, with consequences for the
effectiveness of cooperation.

7.Strengthening Data Protection

The last but not least issue
discussed during negotiations concerns data protection rules – especially the
need to enhance effectiveness of AML prevention while ensuring a high level of
protection of personal data. Both public and private stakeholders have pointed
to a number of difficulties regarding the compliance of the AML requirements
with a high level of protection of personal data. Indeed, under the AML
legislation, the requirements to collect and process data (e.g. to monitor
transactions and customer relations against sanctions lists, to identify
beneficial owners, to maintain records for criminal investigation purposes,
etc.) increase the amount of data being collected, along with the possible
consequences for data subject.

In the previous AML legislation,
there was a lack of clarity about how these requirements were to be reconciled
with rules on data protection, in particular at national level, which was
leading to incoherent approaches across Member States. So during negotiations for the Fourth
AMLD, the European Parliament voted for a significant number of amendments to
enhance the protection of privacy. The key points are:

1.How
long can you hold Customer Due Diligence (CDD) data for: the time
limit for holding data is five years and after that period you must delete the
data. However, you may be able to retain data for a further five years: this
possibility depends on Member State legislation and justified on a case-by-case
basis (Article 40 of the AMLD).

2.Informing
clients about how the data may be used: the new clients have to be
informed of the possible use of their personal data for money laundering
prevention purposes before establishing a business relationship.

3.Only
using data for the purpose for which it was obtained: you should
only use data for the original purpose and not for any other purpose, without
consent.

4.It
has been made clear that data can’t be used for commercial purposes.

A positive feeling on the
respect of data comes also from the co-rapporteur Judith Sargentini who said
“we cleaned up the data protection […]. So we made sure that the data subject,
the person who wants to know something – perhaps they have a feeling that
something went wrong with their data – has rights to redress,
without tipping off criminals, but they have the right to redress. We respect data retention rules.”.

Besides, Věra Jourová – as
member of the Commission and responsible for the data protection reform, going
to replace 28 national regimes by one strong pan-European regime for protection
of personal data – added: “speaking about data protection in relation to the
Anti-Money Laundering Directive and related things in the new legislation, I
can say that we pay very high attention to protecting fundamental rights and
especially the right to privacy and the right to the protection of personal
data. These two pieces of legislation are very compatible and they can
work together very well when they are introduced in practice.”.

8.The impact on legal professions…

Certainly lawyers are involved in
many activities which are vulnerable to money laundering, such as: a) use of client
accounts; b) purchase of real estate; c) creation and management of trusts and
companies. In fact, the implications of this new legal framework for legal
professionals are much better than the third AML Directive. Indeed, there has
been a fight between law firms (and the legal professions in general) and the
Commission for years on these issues, and now most of the provisions of the new
Directive come from what the European Court of Justice (as well as the European
Court of Human Rights) has said.

The most important judgment is Case
C-305/05, OBFG v Council. In this case, the Belgian Bar Association
alleged that the extension, foreseen in the third AMLD, to
lawyers of the obligations to inform the competent authorities when
they come across facts which they know or suspect to be linked to money
laundering and to transmit to those authorities additional information which
those authorities consider useful, unjustifiably impinges on professional secrecy and the independence of lawyers,
principles which are a constituent element of the fundamental right of every
individual to a fair trial and to the respect of his rights of defence. So, at
the request of the Belgian Cour d’Arbitrage, the Court of Justice was asked to
clarify whether the imposition of those obligations on lawyers infringed the
right to a fair trial.

The Court’s ruling, incorporated in the 4th AMLD, stated that the obligations of
information and cooperation apply to lawyers only in so far as they advise
their client in the preparation or execution of certain transactions
essentially of a financial nature or concerning real estate, or when they act
for and on behalf of their client in any financial or real estate transaction.
As a rule, those activities, by their very nature, take place in a context
which has no link to judicial proceedings, and consequently, fall outside the
scope of the right to a fair trial.

In any other case, the legal advice is
subject to professional secrecy. So, as soon as a lawyer
is called upon for assistance in defending a client or in representing that
client before the courts, or for advice as to the manner of instituting or
avoiding judicial proceedings, that lawyer is exempt from the obligations of
information and cooperation, regardless of whether the information has been
received or obtained before, during or after the proceedings. An exemption of
that kind safeguards the right of the client to a fair trial.

9.Next
priorities…?

As for the next political
priorities, certainly it is quite essential to ensure
transposition: the AMLD must be implemented as soon as possible. The
European Commission, in order to ensure an effective and consistent application
of the Directive, will assist Member States in the transposition of the
Directive by organizing workshops and clarifying the interpretation of certain
provisions.

It is also worthy to mention
the new European Agenda on Security 2015-2020, adopted by
the European Commission to support better cooperation between Member States in
the fight against terrorism, organised crime and cybercrime. In the Agenda,
indeed, there is an AML and a counter-terrorism dimension, so that it may be
possible to have some further measures on financing. The Agenda mentions
specifically preventative measures regarding freezing assets of EU internal
terrorists (Article 75 of the treaty), but also expects some further
initiatives at the international level, especially the mandate of FAFT to carry
out a revision of initiatives existing in terrorist financing to see the
effective application of these existing rules and to come up with potential new
initiatives in terrorism financing. FATF may present a report in October this
year.